EU General Data Protection Regulation Sanctions in Theory and in Practice - Archive ouverte HAL Accéder directement au contenu
Article Dans Une Revue Santa Clara Computer and High Technology Law Journal Année : 2021

EU General Data Protection Regulation Sanctions in Theory and in Practice

W. Gregory Voss
Hugues Bouthinon-Dumas
  • Fonction : Auteur
  • PersonId : 1270779
  • IdRef : 117325120

Résumé

Prior to the application of the EU General Data Protection Regulation (GDPR), one result of the low maximum corporate fines for violations under the preceding data protection legislation was, arguably, a lack of compliance by U.S. Tech Giants and other companies. At least on paper, this changed under the GDPR. This study approaches the issue of GDPR sanctions, not through the lens of a catastrophe waiting to happen, but instead though a development first of the theoretical grounds for sanctions, prior to a view of the practical side of them. In doing so, it is somewhat unique and adds to the GDPR literature. Furthermore, it engages the legal strategy and compliance literature to bring its results home to inform companies as to the risks involved and to provide strategic recommendations both for companies and for regulators. Among the several sub-goals of sanctions, this study determines that the most relevant for an analysis of GDPR sanctions—which are administrative, regulatory and financial sanctions, in large part—is the deterrence function, beyond the symbolic functions. This demands effective and substantial administrative fines. While these are not the only sanctions available under the GDPR—this study also sets out a range of possible sanctions, such as judicial compensation and orders to halt data processing—they are perhaps the most characteristic of data protection enforcement. However, through what is referred to as the one-stop-shop mechanism, the Irish DPA is the lead authority for most of the U.S. Tech Giants, and it has failed to act against them up to now, resulting in a potential lack of deterrence. This study argues that, on the one hand, companies should embrace compliance, and on the other hand, truly dissuasive administrative fines must be issued by supervisory authorities when they are justified, in order for the sanctions to have their necessary deterrence effect.
Fichier principal
Vignette du fichier
EU GENERAL DATA PROTECTION REGULATION SANCTIONS IN THEORY AND IN PRACTICE.pdf (1.07 Mo) Télécharger le fichier
Origine : Accord explicite pour ce dépôt

Dates et versions

hal-03108500 , version 1 (13-01-2021)

Licence

Copyright (Tous droits réservés)

Identifiants

  • HAL Id : hal-03108500 , version 1

Citer

W. Gregory Voss, Hugues Bouthinon-Dumas. EU General Data Protection Regulation Sanctions in Theory and in Practice. Santa Clara Computer and High Technology Law Journal, 2021, Santa Clara High Technology Law Review, 37 (1), pp.1. ⟨hal-03108500⟩
43 Consultations
652 Téléchargements

Partager

Gmail Facebook X LinkedIn More